FAQ

Questions before you reach out

Clear answers about what SecureForge AI does, how we engage with Canadian clients and what you should expect from a defensive security-engineering consultancy that uses AI-assisted analysis alongside qualified engineers.

QUICK ANSWERS

Common topics

If your question is not covered below, contact us at [email protected] or use the contact form. We respond within two business days.

SecureForge AI consultant answering client questions during briefing session in Vancouver

Pre-engagement briefing — we prefer direct answers over marketing language.

Is SecureForge AI a wellness / lifestyle brand (.life), an exploit / hacking-tool shop, or a course — and do you guarantee zero vulnerabilities?

No. We are a defensive AI security-engineering studio that hardens systems and runs authorized testing for client organizations. The .life TLD is branding only — this is not wellness, lifestyle, coaching or mental-health. "Secure" and "Forge" mean engineering and hardening secure systems, not metalwork and not a code repository; we do not sell exploits, malware or hacking tools, and we do not sell courses.

All red-team and penetration testing is performed lawfully, only with written authorization. No system is ever perfectly secure — AI findings need human verification, and we do not guarantee zero vulnerabilities or specific outcomes. We are a professional security-AI services firm, not a self-serve SaaS product and not a hacking-for-hire operation.

How does engineer verification work in practice?

AI-assisted tools analyse configuration exports, infrastructure-as-code repositories, cloud API responses and identity policies. They correlate drift against declared baselines and flag policy gaps at scale. When a tool surfaces a potential finding, it enters our engineering review queue — it does not go directly to your team as a confirmed issue.

A qualified SecureForge engineer reviews the finding in context: business criticality, blast radius, whether a compensating control already exists and whether a recent change ticket explains the deviation. Only after human verification does a critical finding reach your designated contacts. False positives are logged, categorised and fed back into tuning so the same noise does not recur.

What does a typical engagement cost in Canadian dollars?

Pricing depends on estate size, complexity and coverage hours. As indicative ranges: an architecture review or initial hardening assessment typically starts around C$5,200. Fixed projects such as configuration baseline development, AI governance reviews or supply-chain assessments range from C$4,800 to C$24,000 depending on scope. Ongoing hardening retainers run from approximately C$7,000 to C$19,500 per month. Authorized assessment exercises and incident-readiness programmes are scoped individually.

All figures are CAD, exclusive of applicable taxes. We provide a written scope document before work begins. See our Services page for per-discipline starting ranges.

Which cloud platforms and tools do you support?

We assess estates on major cloud providers, Kubernetes clusters, hybrid environments and on-premises infrastructure. We integrate with common identity providers, CI/CD platforms, policy-as-code tooling and observability stacks rather than requiring migration to a specific vendor. During an architecture review we inventory your current stack and identify integration points. Our value is in engineering judgment and hardening deliverables — not licence resale.

Do you work with organizations outside British Columbia?

Yes. While we are headquartered in Vancouver, we serve clients across Canada. Most assessment and review work can be conducted remotely with secure access to your configuration exports and architecture documentation. On-site sessions — for tabletop exercises, executive briefings or controlled validation — are available by arrangement.

How do you handle personal information under Canadian privacy law?

We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, for British Columbia clients and our own operations, the Personal Information Protection Act (BC PIPA). Contact form data is used only to respond to your enquiry. Client engagement data is governed by our service agreements and Privacy Policy. We do not sell personal information.

What should we prepare before an architecture review?

A high-level architecture diagram, list of production environments, identity and access overview, recent audit or assessment reports if available, and clarity on compliance obligations (SOC 2, ISO 27001, sector-specific requirements). We will provide a detailed preparation checklist after initial scoping. You do not need a perfect documentation set — we help identify gaps as part of the review.

Still have questions?

We are happy to discuss scope, timelines and fit before you commit to an engagement.

Contact us